Summary:

Given Dropbox’s huge popularity — it claims 100 million users — it’s not surprising that many workers use it at the office. But that trend is worrisome to IT departments concerned with security breaches.

Note to CIOs: If you don’t think your workers are using Dropbox to store and share business documents, you’ve got another think coming.

One out of five of 1,300 business users surveyed said they use the consumer file-sync-and-share system with work documents, according to new research by Nasuni, an enterprise storage management company. And, half of those Dropbox users do this even though they know it’s against the rules.

The most blatant offenders are near the top of the corporate heap — VPs and directors are most likely to use Dropbox despite the documented risks and despite corporate edicts. C-level and other execs are the people who brought their personal iPads and iPhones into the office in the first place and demanded they be supported.

These findings should not be news to anyone who’s been paying attention. Dropbox, the popular service that consumers use to store and share photos, files and other documents, has become the proxy for “shadow IT” — technology that comes inside a corporation but is beyond the control and tracking of corporate IT departments.

Dropbox claims a whopping 100 million users — and its popularity is driven by the exploding use of smartphones and tablets to send, sync and share documents. This whole bring your own device (BYOD) movement causes huge headaches for corporate IT departments, which are supposed to keep company data secure. The problem with many corporate file-share-and-sync solutions is that they aren’t as easy to use as Dropbox and don’t necessarily support personal smartphones or tablets. So if you’re trying to work and need your document, you take the path of least resistance: Dropbox.

Here’s the problem: if corporate workers put sensitive internal files up there, the door is open to abuse. According to the survey:

“The sensitive data stored in Dropbox is not secure and just as importantly, not controlled by IT. This means that if an employee leaves the company, the information that [a] user has stored goes with them, creating a significant risk of data loss or exposure. Furthermore, as the amount of sensitive corporate data stored in Dropbox increases, the online file-sharing service will become a more attractive target for hackers and other malicious groups.”

Companies like Nasuni — or rivals like TwinStrata and StorSimple as well as companies like Box, OwnCloud and LogMeIn — pitch their services as enterprise-class secure cloud storage. So, the survey is self-serving for Nasuni, but that doesn’t mean the results aren’t worth noting.

  1. Brandon Corbin Sunday, December 2, 2012

    Nice ad for Nasuni ಠ_ಠ

  2. Süleyman Okan Monday, December 3, 2012

    When it comes to industrial espionage, there’s negligible security difference between “no leaks” and “open doors”. This is way overblown.

  4. This is more of a Bring Your Own Service problem than BYOD. Two separate issues IMO.

    According to a similar survey by Varonis and IDG, 2/3rd of senior management aren’t sure where their corporate data is. Many execs have been caught with their pants down here, without any policy or protection around which data can (and does) go to the cloud.

    End-users are flocking to cloud-based solutions because they work so much better than what IT can usually provide. This seems to be changing with lots of well-designed private cloud options now available.

    http://hub.varonis.com/CloudSurvey/

    1. That’s true. Accellion (full disclosure – where I work) is a dropbox alternative. We have sold to more than 1,700 enterprise IT departments and offer multiple deployment options, including a private cloud solution.

  5. This is precisely the challenge that Digitiliti was created to solve. Keeping the information available is the critical need that drives employees to consumer sharing services. Keeping information secure is what IT (and any exec worth their annual bonus) needs to do. Digitiliti’s DigiLibe achieves this in a frictionless and GARP compliant way. http://www.digitiliti.com

  6. The dropbox problem isn’t going to be solved by ignoring it or by shoving a bad alternative down user throats. In my experience working with large enterprises at Oxygen Cloud, IT departments are reacting and want to react; however, they need a real IT solution … not consumer products with encryption or more Sharepoint-like products of any kind. The dropbox phenomenon is the confluence of many fundamental trends and the resulting effect: the PC based corporate IT era is over …. a new IT ecosystem and a new approach to enterprise IT is the only answer.

  7. We’re an enterprise software startup and we’ve been aware of this problem for quite a while now. Many of the customers we meet, big and small, know that their employees are using dropbox for business. Driven by mobility and ease of use, dropbox just can’t be stopped. The IT organisations know it and are very concerned about it.

    The problem is even worse with regulated industries. For example, in healthcare, there’s a serious issue with HIPAA compliance, and in legal there are a number of privacy laws that protect client information. Firms are at risk of losing a lot of money and reputation, as a result of mistakes that are very easy to make in file sharing services. Not to mention the risks of inevitable incidents like an employee losing a device synced to dropbox.

    This is a very interesting problem, and we’ve been working hard to find a way to let people use the path of least resistance, namely dropbox, while still providing the security and control that enterprises need.

  8. Excellent post. Even though Dropbox is a useful tool, we can’t deny the fact that it also has disadvantages. BTW, if you are looking for fast and reliable replication and synchronization between cloud services like Evernote and Google Docs, please check out CloudHQ by clicking the link https://www.cloudhq.net/?utm_source=http%3A%2F%2Fgigaom.com%2Fcloud%2Fguess-what-mr-cio-one-in-five-of-your-employees-use-dropbox-for-work-files%2F&utm_medium=Pluggio&utm_campaign=Guess%2Bwhat%2BMr.%2BCIO%3F%2BOne%2Bin%2Bfive%2Bof%2Byour%2Bemployees%2Buses%2BDropbox%2Bat%2Bwork

  9. Stephen Bulfer Monday, December 3, 2012

    This is great research, thanks for sharing. We have been supporting both ends of the spectrum with our mobile solution – excellent UI/UX for the employee and the highest level of security, controls, and compliance for IT. We believe you can have your cake and eat it too…and all of our customers do too. We are serving some of the largest banks, CPG, biotech, pharma, transportation, education, and the US government – all who had a Dropbox problem before using ionGrid’s Stratos (formerly Nexus) solution. We uniquely allow for both BYOD or corporate sponsored devices to be used for what they are best at…productivity and fun/entertainment, simultaneously. Sound impossible? Visit us at http://www.iongrid.com for more information.

  10. And guess what – corporate workers have been emailing documents to their personal email addresses for years. Dropbox is just another incarnation of the inevitable.

    Security cannot be managed by technology alone, it also requires HR and legal policies. The individual is ultimately accountable and responsible.
